Skip to content

epoll_create1

Intro

epoll_create1 - create a new instance of an epoll set for monitoring file descriptors

Description

The epoll_create1() system call performs the same task as epoll_create(), but it allows for additional features that are beneficial for certain applications. Flags specifies the behavior of the system call and may be used to specify a maximum number of descriptors that the target epoll instance will be able to contain (flags is a bitmask, and only one of the flags in the mask should be used). This syscall is useful in applications that depend on high performance and scalability, such as network servers.

Arguments

  • flags:int[OPT] - bits that specify the behavior of the system call. The flags may be a bitmask specifying the behavior of the system call. The only flag that should be used is EPOLL_CLOEXEC, which creates the epoll instance with the close-on-exec flag.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, pointer to user space memory used to get it)
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
  • OPT - Optional argument - might not always be available (passed with null value)

Hooks

epoll_create1

Type

Tracepoint

Purpose

To monitor the execution of the epoll_create1 system call.

Example Use Case

The epoll_create1 system call can be used to create a new instance of an epoll set for monitoring a large number of file descriptors. This system call is particularly useful for servers that constantly need to monitor a large number of file descriptors.

Issues

None.

  • epoll_ctl - used to control an instance of an epoll set
  • epoll_wait - used to wait for events from an instance of an epoll set

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.